ID

VAR-201011-0019

CVE

CVE-2010-4008

TITLE

libxml2 of XPath Service disruption in expression (DoS) Vulnerabilities

DESCRIPTION

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. Google Chrome is an open source web browser released by Google. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. A double free vulnerability exists in libxml2 2.7.8 and other versions used in versions prior to Google Chrome 8.0.552.215. Packages for 2009.0 are provided as of the Extended Maintenance Program. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: cae85730aaa16e754195e18b2b128d48 2009.0/i586/libxml2_2-2.7.1-1.5mdv2009.0.i586.rpm f4edef0bd2539c874a4ee18dd3235495 2009.0/i586/libxml2-devel-2.7.1-1.5mdv2009.0.i586.rpm 592bbd5ad884cb7f15626d8ec00a945c 2009.0/i586/libxml2-python-2.7.1-1.5mdv2009.0.i586.rpm abfc530fe15542acf77e3abee46c5348 2009.0/i586/libxml2-utils-2.7.1-1.5mdv2009.0.i586.rpm 51bdedc951b8bbb6bbc3748c6a4b5f1f 2009.0/SRPMS/libxml2-2.7.1-1.5mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: aab2482cab13939e3d0ce93cfdd2d1b2 2009.0/x86_64/lib64xml2_2-2.7.1-1.5mdv2009.0.x86_64.rpm bac2084ecea5fd9459bd90f34f853045 2009.0/x86_64/lib64xml2-devel-2.7.1-1.5mdv2009.0.x86_64.rpm 418b6a3177323b782d9bb191f2d491e1 2009.0/x86_64/libxml2-python-2.7.1-1.5mdv2009.0.x86_64.rpm 69fd3a07ad8ac5a5eb44e2d1414104db 2009.0/x86_64/libxml2-utils-2.7.1-1.5mdv2009.0.x86_64.rpm 51bdedc951b8bbb6bbc3748c6a4b5f1f 2009.0/SRPMS/libxml2-2.7.1-1.5mdv2009.0.src.rpm Mandriva Linux 2010.0: fb5c9604e47d24e09ad712a649fcc35c 2010.0/i586/libxml2_2-2.7.6-1.1mdv2010.0.i586.rpm 6403c9bdaed960dbb3bcbe68666a52b7 2010.0/i586/libxml2-devel-2.7.6-1.1mdv2010.0.i586.rpm 586212f51e0791a0f2a38c7be5d9716a 2010.0/i586/libxml2-python-2.7.6-1.1mdv2010.0.i586.rpm 3be0dee356f402a507ad6b5d7a325a6d 2010.0/i586/libxml2-utils-2.7.6-1.1mdv2010.0.i586.rpm 145009255e759becf090ccbb7a222776 2010.0/SRPMS/libxml2-2.7.6-1.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: c63c714501a5b8ca2b9b6e9d5e937ddb 2010.0/x86_64/lib64xml2_2-2.7.6-1.1mdv2010.0.x86_64.rpm 657be2ee648752464520066023bd30ea 2010.0/x86_64/lib64xml2-devel-2.7.6-1.1mdv2010.0.x86_64.rpm 9d59d8f80191f2ed759de95958b4e0db 2010.0/x86_64/libxml2-python-2.7.6-1.1mdv2010.0.x86_64.rpm e2d0e7fdba10ad335bb9b58d0d8afb66 2010.0/x86_64/libxml2-utils-2.7.6-1.1mdv2010.0.x86_64.rpm 145009255e759becf090ccbb7a222776 2010.0/SRPMS/libxml2-2.7.6-1.1mdv2010.0.src.rpm Mandriva Linux 2010.1: e593d08acde951507fce73dbdf279b36 2010.1/i586/libxml2_2-2.7.7-1.1mdv2010.1.i586.rpm 53b338fe99b6824cb6edb16e3d388b51 2010.1/i586/libxml2-devel-2.7.7-1.1mdv2010.1.i586.rpm 139dacf78c8fb08030a5182784c112ec 2010.1/i586/libxml2-python-2.7.7-1.1mdv2010.1.i586.rpm 8dda64f49b49952502c50bf245ebf678 2010.1/i586/libxml2-utils-2.7.7-1.1mdv2010.1.i586.rpm 199d8b8af1f42c409b18e51731baf896 2010.1/SRPMS/libxml2-2.7.7-1.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: 75633f5ec4ef9eebdac70a9ecaab2449 2010.1/x86_64/lib64xml2_2-2.7.7-1.1mdv2010.1.x86_64.rpm e452646c112108d11d29a4ba78fba487 2010.1/x86_64/lib64xml2-devel-2.7.7-1.1mdv2010.1.x86_64.rpm 688e113fc36a3d51ee099e0e2ecaa28a 2010.1/x86_64/libxml2-python-2.7.7-1.1mdv2010.1.x86_64.rpm 493d57c4ec894516f11b69015b31ef5a 2010.1/x86_64/libxml2-utils-2.7.7-1.1mdv2010.1.x86_64.rpm 199d8b8af1f42c409b18e51731baf896 2010.1/SRPMS/libxml2-2.7.7-1.1mdv2010.1.src.rpm Corporate 4.0: 0c4e8b2ac2a276d280b66b6fa8551450 corporate/4.0/i586/libxml2-2.6.21-3.7.20060mlcs4.i586.rpm 53ccb20aea237421519e86d717a65369 corporate/4.0/i586/libxml2-devel-2.6.21-3.7.20060mlcs4.i586.rpm d08ff4980c6aca39516d1e726fbb974c corporate/4.0/i586/libxml2-python-2.6.21-3.7.20060mlcs4.i586.rpm fb30f123c27a29bd1efe793cfc257f90 corporate/4.0/i586/libxml2-utils-2.6.21-3.7.20060mlcs4.i586.rpm 46e9c8c019741553dd345a4d4487eb49 corporate/4.0/SRPMS/libxml2-2.6.21-3.7.20060mlcs4.src.rpm Corporate 4.0/X86_64: 92bc21ac3d7d357222b563fcb324b3c3 corporate/4.0/x86_64/lib64xml2-2.6.21-3.7.20060mlcs4.x86_64.rpm eb0624c01c1c4d3252ddeaf8163134eb corporate/4.0/x86_64/lib64xml2-devel-2.6.21-3.7.20060mlcs4.x86_64.rpm 80b58173e21e7f9e57b88082eccbefdc corporate/4.0/x86_64/lib64xml2-python-2.6.21-3.7.20060mlcs4.x86_64.rpm 5b7d80b623a1dc07e5dd319919a11fbc corporate/4.0/x86_64/libxml2-utils-2.6.21-3.7.20060mlcs4.x86_64.rpm 46e9c8c019741553dd345a4d4487eb49 corporate/4.0/SRPMS/libxml2-2.6.21-3.7.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 4bc323f7bc1dab4927a7e8c4838ccc20 mes5/i586/libxml2_2-2.7.1-1.5mdvmes5.1.i586.rpm 5a1d23b817beb1fe3f2e939b0d2909ad mes5/i586/libxml2-devel-2.7.1-1.5mdvmes5.1.i586.rpm f53fd718b6f6e8e0e30b01aeb12b2f47 mes5/i586/libxml2-python-2.7.1-1.5mdvmes5.1.i586.rpm 717dc7dee73859eb65f68195fa4f80bc mes5/i586/libxml2-utils-2.7.1-1.5mdvmes5.1.i586.rpm 5fbf33c05587c8d4f1708737d52ffd58 mes5/SRPMS/libxml2-2.7.1-1.5mdvmes5.1.src.rpm Mandriva Enterprise Server 5/X86_64: 06e99ea43205f25da07f39ea5fcc9233 mes5/x86_64/lib64xml2_2-2.7.1-1.5mdvmes5.1.x86_64.rpm 3ee19da3eebf29286a0543da82ba3707 mes5/x86_64/lib64xml2-devel-2.7.1-1.5mdvmes5.1.x86_64.rpm 5f1d18dc754447947dd88a1b1cd7ab1d mes5/x86_64/libxml2-python-2.7.1-1.5mdvmes5.1.x86_64.rpm ef5f8b03f8006957af1c289aa61600e1 mes5/x86_64/libxml2-utils-2.7.1-1.5mdvmes5.1.x86_64.rpm 5fbf33c05587c8d4f1708737d52ffd58 mes5/SRPMS/libxml2-2.7.1-1.5mdvmes5.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM87BcmqjQ0CJFipgRAhtLAKDShPCQ/Gsm7qBzvcTZaIdAyTL0wQCfc7vl ViUDiKySUb6P7eFnOzt8Eg8= =8Sf0 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Libxml2 XPath Double Free Vulnerability SECUNIA ADVISORY ID: SA42721 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42721/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42721 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42721/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42721/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42721 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #11: SA42472 The vulnerability is reported in version 2.7.8. SOLUTION: Do not process untrusted XML content using the library. PROVIDED AND/OR DISCOVERED BY: Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. ORIGINAL ADVISORY: http://code.google.com/p/chromium/issues/detail?id=63444 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: libxml2: Multiple vulnerabilities Date: October 26, 2011 Bugs: #345555, #370715, #386985 ID: 201110-26 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities were found in libxml2 which could lead to execution of arbitrary code or a Denial of Service. Background ========== libxml2 is the XML C parser and toolkit developed for the Gnome project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/libxml2 < 2.7.8-r3 >= 2.7.8-r3 Description =========== Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All libxml2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r3" References ========== [ 1 ] CVE-2010-4008 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4008 [ 2 ] CVE-2010-4494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4494 [ 3 ] CVE-2011-1944 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1944 [ 4 ] CVE-2011-2821 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2821 [ 5 ] CVE-2011-2834 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2834 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-26.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: libxml2 security update Advisory ID: RHSA-2012:0017-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0017.html Issue date: 2012-01-11 CVE Names: CVE-2010-4008 CVE-2011-0216 CVE-2011-1944 CVE-2011-2834 CVE-2011-3905 CVE-2011-3919 ===================================================================== 1. Summary: Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: RHEL Desktop Workstation (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The libxml2 library is a development toolbox providing the implementation of various XML standards. One of those standards is the XML Path Language (XPath), which is a language for addressing parts of an XML document. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) An off-by-one error, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. (CVE-2011-1944) Flaws were found in the way libxml2 parsed certain XPath expressions. (CVE-2010-4008, CVE-2011-2834) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. (CVE-2011-3905) Note: Red Hat does not ship any applications that use libxml2 in a way that would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be exploited; however, third-party applications may allow XPath expressions to be passed which could trigger these flaws. Red Hat would like to thank the Google Security Team for reporting the CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm x86_64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm RHEL Desktop Workstation (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm x86_64: libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxml2-2.6.26-2.1.12.el5_7.2.src.rpm i386: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.i386.rpm ia64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ia64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.ia64.rpm ppc: libxml2-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.ppc64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.ppc.rpm s390x: libxml2-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.s390.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.s390x.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.s390x.rpm x86_64: libxml2-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-debuginfo-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.i386.rpm libxml2-devel-2.6.26-2.1.12.el5_7.2.x86_64.rpm libxml2-python-2.6.26-2.1.12.el5_7.2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPDc8yXlSAg2UNWIIRAp0FAKCr3G8qJvCfqK4BJBzJsMWlSYXXFQCgxNs7 ZcFDHRyFhx22yjGNtU/I5SA= =FALM -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04135307 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04135307 Version: 1 HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2014-03-10 Last Updated: 2014-03-10 Potential Security Impact: Multiple remote vulnerabilities affecting confidentiality, integrity and availability Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment. The vulnerabilities could be exploited remotely affecting confidentiality, integrity and availability. References: CVE-2010-4008 CVE-2010-4494 CVE-2011-2182 CVE-2011-2213 CVE-2011-2492 CVE-2011-2518 CVE-2011-2689 CVE-2011-2723 CVE-2011-3188 CVE-2011-4077 CVE-2011-4110 CVE-2012-0058 CVE-2012-0879 CVE-2012-1088 CVE-2012-1179 CVE-2012-2137 CVE-2012-2313 CVE-2012-2372 CVE-2012-2373 CVE-2012-2375 CVE-2012-2383 CVE-2012-2384 CVE-2013-6205 CVE-2013-6206 SSRT101443 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Rapid Deployment Pack (RDP) -- All versions HP Insight Control Server Deployment -- All versions BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2013-6205 (AV:L/AC:M/Au:S/C:P/I:P/A:P) 4.1 CVE-2013-6206 (AV:N/AC:L/Au:N/C:C/I:P/A:P) 9.0 CVE-2010-4008 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2010-4494 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-2182 (AV:L/AC:L/Au:N/C:C/I:C/A:C) 7.2 CVE-2011-2213 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2011-2492 (AV:L/AC:M/Au:N/C:P/I:N/A:N) 1.9 CVE-2011-2518 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2011-2689 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2011-2723 (AV:A/AC:M/Au:N/C:N/I:N/A:C) 5.7 CVE-2011-3188 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-4077 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2011-4110 (AV:L/AC:L/Au:N/C:N/I:N/A:P) 2.1 CVE-2012-0058 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2012-0879 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2012-1088 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3 CVE-2012-1179 (AV:A/AC:M/Au:S/C:N/I:N/A:C) 5.2 CVE-2012-2137 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9 CVE-2012-2313 (AV:L/AC:H/Au:N/C:N/I:N/A:P) 1.2 CVE-2012-2372 (AV:L/AC:M/Au:S/C:N/I:N/A:C) 4.4 CVE-2012-2373 (AV:L/AC:H/Au:N/C:N/I:N/A:C) 4.0 CVE-2012-2375 (AV:A/AC:H/Au:N/C:N/I:N/A:C) 4.6 CVE-2012-2383 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 CVE-2012-2384 (AV:L/AC:L/Au:N/C:N/I:N/A:C) 4.9 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP recommends that HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment should only be run on private secure networks to prevent the risk of security compromise. HISTORY Version:1 (rev.1) - 10 March 2014 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-2128-1 security@debian.org http://www.debian.org/security/ Giuseppe Iuculano December 01, 2010 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : libxml2 Vulnerability : invalid memory access Problem type : local (remote) Debian-specific: no CVE ID : CVE-2010-4008 Bui Quang Minh discovered that libxml2, a library for parsing and handling XML data files, does not well process a malformed XPATH, causing crash and allowing arbitrary code execution. For the stable distribution (lenny), this problem has been fixed in version 2.6.32.dfsg-5+lenny2. For the testing (squeeze) and unstable (sid) distribution, this problem has been fixed in version 2.7.8.dfsg-1. We recommend that you upgrade your libxml2 package. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg.orig.tar.gz Size/MD5 checksum: 3425843 bb11c95674e775b791dab2d15e630fa4 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.dsc Size/MD5 checksum: 1985 e1a498ed2e38225c5d10aaf834d9e0b9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2.diff.gz Size/MD5 checksum: 83947 7af1ff46c9cacd57e7f977b295b39084 Architecture independent packages: http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-doc_2.6.32.dfsg-5+lenny2_all.deb Size/MD5 checksum: 1307172 ceec72214783bdfc9d7643ea31a61d50 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 920664 429d086d4861511c6d9130bd7a165698 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 856680 fccba5f6884b74e873730e3140e0bad5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 920616 33f850cafef51a45ef04714c9900e737 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 292784 2f2ad873f9f50a0400960264ba823aec http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_alpha.deb Size/MD5 checksum: 38026 e3f0bf3fe0f804bcd39df854e420cee6 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 988474 ea406c325fe1d3cf8e80eed39ff61f7e http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 295940 2a1754d35048a827dfeac4ee25f238d5 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 37328 0b6af9c052e005c439658215027eeead http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 774114 0c714b77c96e4d840048edbce00d959f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_amd64.deb Size/MD5 checksum: 860726 cf7d9638a12709f527898f9c91ec389d arm architecture (ARM) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 246210 484d790396e82318e4eb5e38903497d9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 898986 5cbab6f3b7fa8df4a406d03eaa5762a2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 685530 9b9ea967472806e4f4b0d713d7198706 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 782546 1dec5ad219c1f69439936f172323b4d3 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_arm.deb Size/MD5 checksum: 35174 f15d1f05b68e8299b2084315feea6078 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 247756 4809a4f17729bfec952e25aeff5f612b http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 906754 ee3e37855a6699771d3612180632a1df http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 790732 0df793cc442fd5aff099c60852cfd031 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 34258 95bb668363b085e6fea0848444ff0a42 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_armel.deb Size/MD5 checksum: 692210 acb1820adf968e8011d16b94cdc6d18c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 867348 656a379b6cd2f3bc167c4c580f4f9588 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 300124 646af54075ce65b1f318773e55f3b8ae http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 36974 6595d5ef74d9710d4498159da8fe8879 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 931526 94752ea0ec5e56c0ce2bfa6fd8ffc7c2 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_hppa.deb Size/MD5 checksum: 889446 3342e94f7cb0f5c89f4a95969750d6fe i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 264698 ce75352a38803aa7d94111c44ccc7a30 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 945316 95cf7cbbb06087b7f18c52f897b4ba78 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 814750 df1f647ba1306ce5138b50f06089d3db http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 698690 4e54bd82a4b679478806da0e14212268 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_i386.deb Size/MD5 checksum: 33754 92c4c50e1a3f6160ab72316d1cf678ba ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 48096 df26f8dc1b4e78de97d22fb6f328844d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 1144394 8a3e9d36f7bcebc74fe83f2f602197c6 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 1150678 6efac0dc67e48b20922bc321ad14b1ed http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 926300 8381127e0f7f55f23a5a798ec6a043b5 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_ia64.deb Size/MD5 checksum: 320066 c18be638d183a965bcff61cbef015b44 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 975846 27602acbf39c6086b0ccccc2a075888c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 809424 62a1a3153b1f2898bd36914b9d953a59 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 821888 df10f6c3fa7dd05d6aeba73b8a82fe7a http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 34188 489be157e2061a3e958a1c9693f6fb07 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_mipsel.deb Size/MD5 checksum: 252622 ffe51c47bcaa9883addae4da42850e8a powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 950566 3ad6dc272c21e8f849fb06cca054dcd6 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 42054 1b29e288243c30441833b359a36cd09f http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 834730 e79241dec4e3e7328e305a8fb0505d18 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 285718 df9b1705a6faea8bd1a3f0db9464f4c1 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_powerpc.deb Size/MD5 checksum: 789938 1831f4e506ea36d5d6dbf4af3864835e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 38078 b238d71479ae8c7dfdce22b7b96e96f6 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 297668 87fc74097472950250bdef49cfc1401d http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 854128 bba7607e556f4d03578a6fd7b206c542 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 762632 aaf2e13c002c2128fd8f06b49e8b0079 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_s390.deb Size/MD5 checksum: 968000 20682a3eddbc11161cabe014eb67cc2f sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-utils_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 36538 c94d075d63dfa8c35cdca960d12e1ba7 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dbg_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 845248 9b9da876e13164f4346e7efcf9b94a96 http://security.debian.org/pool/updates/main/libx/libxml2/python-libxml2_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 279186 1f5a7299a4c7fbf27d73d017909679e9 http://security.debian.org/pool/updates/main/libx/libxml2/libxml2-dev_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 727602 b1b0633a4bdb40f1e0a341a1b86c812c http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny2_sparc.deb Size/MD5 checksum: 803608 8a339109db809222dd0dd9e795062fa2 These files will probably be moved into the stable distribution on its next update

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:google:chrome"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:openoffice:openoffice.org"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:vmware:esx"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:vmware:esxi"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:xmlsoft:libxml2"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:apple:mac_os_x"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:apple:mac_os_x_server"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/o:apple:iphone_os"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:apple:ipad"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:apple:iphone"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/h:apple:ipod_touch"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:apple:itunes"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:apple:safari"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:hp:system_management_homepage"
          }
        ]
      }
    ]
  }
]

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Mandriva

SOURCES

LAST UPDATE DATE

2025-05-27T21:10:03.318000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE